Netgate Discussion Forum

Crash when adding vip to carp-enabled boxen

HA/CARP/VIPs
  • R
    Royce3
    last edited by Apr 10, 2006, 10:30 PM

    I'm following the fully redundant carp tutorial and when I click to add the first virtual ip ( the wan one ), the master (the one I'm editing) takes a nose-dive.

    There's some slight differences in my setup from the tutorial. I have 4 nics in the box. I rename OPT1 to WAN2 and OPT2 to SYNC. Also, there's no "preemption" option referred to by the tutorial and I turn on all the synchronization options except "load balancing" ( I want failover - not load balancing ).

    Fatal trap 12: page fault while in kernel mode
    cpuid = 0; apic id = 00
    fault virtual address = 0x5d
    fault code = supervisor read, page not present
    instruction pointer = 0x20:0xc076be51
    stack pointer = 0x28:0xd0a9db80
    frame pointer = 0x28:0xd0a9dc40
    code segment = base 0x0, limit 0xfffff, type 0x1b
      = DPL 0, pres 1, def32 1, gran 1
    processor eflags = interrupt enabled, resume, IOPL = 0
    current process = 15393 (ifconfig)
    trap number = 12
    panic: page fault
    cpuid = 0
    Uptime: 3d3h28m40s
    Cannot dump. No dump device defined.

    When I reboot the box, I get an error about a missing XML file ( sorry I wasn't able to capture the info before it scrolled by ), and I have to start completely over assigning interfaces and setting lan ip, etc…

    I really want to use pfsense, especially for redundancy, but this is killing me. Please help/advise.

    • S
      sullrich
      last edited by Apr 10, 2006, 10:44 PM

      You can only add a carp ip if you have an ip on the same subnet on a real interface.

      • B
        billm
        last edited by Apr 11, 2006, 1:41 AM

        @Royce3:

        There's some slight differences in my setup from the tutorial. I have 4 nics in the box. I rename OPT1 to WAN2 and OPT2 to SYNC. Also, there's no "preemption" option referred to by the tutorial and I

        And you show exactly why documenting something that's under development is nearly a pointless task.  pre-emption is hardcoded to be on now - it's a good thing.

        @Royce3:

        turn on all the synchronization options except "load balancing" ( I want failover - not load balancing ).

        Load balancing has nothing to do with failover - that option is not a reference to the useless (and dangerous) load balancing option CARP can do.

        –Bill

        pfSense core developer
        blog - http://www.ucsecurity.com/
        twitter - billmarquette

        • R
          Royce3
          last edited by Apr 11, 2006, 3:17 PM

          @sullrich:

          You can only add a carp ip if you have an ip on the same subnet on a real interface.

          So I have to have a cable plugged into the wan port and the wan port configured for an ip address? I'm not 100% I did that first. I was trying to get it configured before actually plugging it in, but I will try it.

          • R
            Royce3
            last edited by Apr 11, 2006, 5:57 PM

            @Royce3:

            @sullrich:

            You can only add a carp ip if you have an ip on the same subnet on a real interface.

            So I have to have a cable plugged into the wan port and the wan port configured for an ip address? I'm not 100% I did that first. I was trying to get it configured before actually plugging it in, but I will try it.

            No matter what I try I keep getting "XML error: no pfsense object found!". It looks like I'm going to have to completely reinstall pfsense. It would be nice if the web gui would prevent me from trying to do things that will completely crater the install.

            • S
              sullrich
              last edited by Apr 11, 2006, 5:58 PM

              Bottom line is you're hitting a kernel panic (freebsd crash).

              There is little we can do about this.  Try to configure it CORRECTLY and the crashes should stop.

              • R
                Royce3
                last edited by Apr 11, 2006, 6:34 PM

                @sullrich:

                Bottom line is you're hitting a kernel panic (freebsd crash).

                There is little we can do about this.  Try to configure it CORRECTLY and the crashes should stop.

                Is there a way I can make a copy of the xml file on the local filesystem so if it bombs again I don't have to start over from scratch?

                • S
                  sullrich
                  last edited by Apr 11, 2006, 6:35 PM

                  If this is a full install, run this from a shell:

                  cvs_sync.sh releng_1

                  We've added some code to prevent this from happening.

                  • R
                    Royce3
                    last edited by Apr 25, 2006, 8:59 PM

                    Okay I finally got a chance to run the cvs_sync command and it worked this time.

                    I'm trying to go live with the system and I'm having a problem getting dns to work.

                    I haven't tested dhcp but I'm guessing it tells the clients to use the dns settings in the general setup page directly. I use mostly static ip on my network and would prefer to configure the clients' dns server to point to the LAN CARP IP. I know I could set up a forwarding rule in outbound nat, but I'm hoping there's a way to have the router itself perform the dns lookup so that I'm not tied to a specific dns server.

                    Here's my config file, I wiped out the public names and ip addresses and the passwords:

                    
                    <pfsense>
                      <version>2.3</version>
                      <lastchange/>
                      <theme>metallic</theme>
                      <system>
                        <optimization>normal</optimization>
                        <hostname>wasrouter1</hostname>
                        <domain>***.***.net</domain>
                        <username>admin</username>
                        <password>********</password>
                        <timezone>America/Chicago</timezone>
                        <time-update-interval>300</time-update-interval>
                        <timeservers>pool.ntp.org</timeservers>
                        <webgui>
                          <protocol>http</protocol>
                        </webgui>
                        <dnsserver>*.*.169.1</dnsserver>
                        <dnsserver>*.*.220.5</dnsserver>
                        <dnsallowoverride/>
                      </system>
                      <interfaces>
                        <lan>
                          <if>rl1</if>
                          <ipaddr>192.168.0.250</ipaddr>
                          <subnet>24</subnet>
                          <media/>
                          <mediaopt/>
                          <bandwidth>100</bandwidth>
                          <bandwidthtype>Mb</bandwidthtype>
                        </lan>
                        <wan>
                          <if>rl0</if>
                          <mtu/>
                          <blockpriv/>
                          <media/>
                          <mediaopt/>
                          <bandwidth>100</bandwidth>
                          <bandwidthtype>Mb</bandwidthtype>
                          <disableftpproxy/>
                          <ipaddr>*.*.218.247</ipaddr>
                          <subnet>23</subnet>
                          <gateway>*.*.219.252</gateway>
                          <blockbogons/>
                          <spoofmac/>
                        </wan>
                        <opt1>
                          <if>dc0</if>
                          <descr>WAN2</descr>
                          <bridge/>
                          <enable/>
                          <ipaddr>*.*.231.155</ipaddr>
                          <subnet>23</subnet>
                          <gateway>*.*.231.154</gateway>
                          <spoofmac/>
                        </opt1>
                        <opt2>
                          <if>fxp0</if>
                          <descr>SYNC</descr>
                          <bridge/>
                          <enable/>
                          <ipaddr>192.168.250.1</ipaddr>
                          <subnet>24</subnet>
                          <gateway/>
                          <spoofmac/>
                        </opt2>
                      </interfaces>
                      <staticroutes/>
                      <pppoe/>
                      <pptp/>
                      <bigpond/>
                      <dyndns>
                        <type>dyndns</type>
                        <username/>
                        <password/>
                      </dyndns>
                      <dhcpd>
                        <lan>
                          <range>
                            <from>192.168.1.100</from>
                            <to>192.168.1.199</to>
                          </range>
                        </lan>
                      </dhcpd>
                      <pptpd>
                        <mode/>
                        <redir/>
                        <localip/>
                      </pptpd>
                      <ovpn/>
                      <dnsmasq>
                        <enable/>
                      </dnsmasq>
                      <snmpd>
                        <syslocation/>
                        <syscontact/>
                        <rocommunity>public</rocommunity>
                      </snmpd>
                      <diag>
                        <ipv6nat>
                          <ipaddr/>
                        </ipv6nat>
                      </diag>
                      <bridge/>
                      <syslog/>
                      <nat>
                        <ipsecpassthru/>
                        <advancedoutbound>
                          <rule>
                            <source>
                              <network>192.168.0.0/24</network>
                            </source>
                            <sourceport/>
                            <descr>use WAN carp for LAN</descr>
                            <target>*.*.218.245</target>
                            <interface>wan</interface>
                            <destination>
                              <any/>
                            </destination>
                            <natport/>
                          </rule>
                          <enable/>
                        </advancedoutbound>
                      </nat>
                      <filter>
                        <rule>
                          <type>pass</type>
                          <descr>Default LAN -> any</descr>
                          <interface>lan</interface>
                          <source>
                            <network>lan</network>
                          </source>
                          <destination>
                            <any/>
                          </destination>
                        </rule>
                        <rule>
                          <type>pass</type>
                          <interface>opt2</interface>
                          <max-src-nodes/>
                          <max-src-states/>
                          <statetimeout/>
                          <statetype>keep state</statetype>
                          <os/>
                          <source>
                            <any/>
                          </source>
                          <destination>
                            <any/>
                          </destination>
                          <descr>trust the Sync-Subnet</descr>
                        </rule>
                      </filter>
                      <ipsec>
                        <preferredoldsa/>
                      </ipsec>
                      <aliases/>
                      <proxyarp/>
                      <wol/>
                      <installedpackages>
                        <carpsettings>
                          <config>
                            <pfsyncenabled>on</pfsyncenabled>
                            <pfsyncinterface>SYNC</pfsyncinterface>
                            <balancing/>
                            <synchronizerules>on</synchronizerules>
                            <synchronizealiases>on</synchronizealiases>
                            <synchronizenat>on</synchronizenat>
                            <synchronizeipsec>on</synchronizeipsec>
                            <synchronizewol>on</synchronizewol>
                            <synchronizestaticroutes>on</synchronizestaticroutes>
                            <synchronizelb>on</synchronizelb>
                            <synchronizevirtualip>on</synchronizevirtualip>
                            <synchronizetrafficshaper>on</synchronizetrafficshaper>
                            <synchronizednsforwarder>on</synchronizednsforwarder>
                            <synchronizetoip>192.168.250.2</synchronizetoip>
                            <password>********</password>
                          </config>
                        </carpsettings>
                      </installedpackages>
                      <revision>
                        <description>/firewall_nat_out.php made unknown change</description>
                        <time>1145994769</time>
                      </revision>
                      <virtualip>
                        <vip>
                          <mode>carp</mode>
                          <interface>wan</interface>
                          <vhid>1</vhid>
                          <advskew>0</advskew>
                          <password>********</password>
                          <descr>WAN-NSN-CARP</descr>
                          <type>single</type>
                          <subnet_bits>23</subnet_bits>
                          <subnet>*.*.218.245</subnet>
                        </vip>
                        <vip>
                          <mode>carp</mode>
                          <interface>lan</interface>
                          <vhid>3</vhid>
                          <advskew>0</advskew>
                          <password>********</password>
                          <descr>LAN-CARP</descr>
                          <type>single</type>
                          <subnet_bits>23</subnet_bits>
                          <subnet>192.168.0.3</subnet>
                        </vip>
                      </virtualip>
                    </pfsense>
                    
                    
                    • R
                      Royce3
                      last edited by Apr 26, 2006, 5:26 PM Apr 25, 2006, 10:53 PM

                      correction: it's not routing any packets, not just dns. I've looked through the system logs and diagnostics. I'm not sure what to do to get it routing properly. I can ping the lan carp ip ( 192.168.0.3 ), but I can't ping the isp default gateway - something that does work on my old router, so I assume it's not routing packets at all. Please advise

                      • H
                        hoba
                        last edited by May 5, 2006, 1:31 PM

                        @Royce3:

                        
                        ...
                        <interfaces>
                          <lan>
                            <if>rl1</if>
                            <ipaddr>192.168.0.250</ipaddr>
                            <subnet>24</subnet>
                            <media/>
                            <mediaopt/>
                            <bandwidth>100</bandwidth>
                            <bandwidthtype>Mb</bandwidthtype>
                          </lan>

                        ...

                        <vip>
                          <mode>carp</mode>
                          <interface>lan</interface>
                          <vhid>3</vhid>
                          <advskew>0</advskew>
                          <password>********</password>
                          <descr>LAN-CARP</descr>
                          <type>single</type>
                          <subnet_bits>23</subnet_bits>
                          <subnet>192.168.0.3</subnet>
                        </vip>
                        

                        Why does your CARP LAN VIP have a /23 subnet mask?

                        • R
                          Royce3
                          last edited by May 8, 2006, 3:54 PM

                          @hoba:

                          Why does your CARP LAN VIP have a /23 subnet mask?

                          D'oh! (smacks forehead) I can't believe I missed that. It's routing packets now! Thanks a million!

                          • H
                            hoba
                            last edited by May 8, 2006, 6:46 PM

                            ;D

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.